Upgrade to Pro — share decks privately, control downloads, hide ads and more …

2000day in Safari

Avatar for Bo0oM Bo0oM
May 21, 2019
2
2.2k

2000day in Safari

Avatar for Bo0oM

Bo0oM

May 21, 2019
Tweet

More Decks by Bo0oM

See All by Bo0oM
Носок на сок
Avatar for Bo0oM bo0om
0
1.5k
Выйди и зайди нормально
Avatar for Bo0oM bo0om
0
55
Защита от вредоносной автоматизации сегодня
Avatar for Bo0oM bo0om
0
560
Defending against automatization using nginx
Avatar for Bo0oM bo0om
0
810
Antibot pitch deck
Avatar for Bo0oM bo0om
0
130
31337
Avatar for Bo0oM bo0om
0
160
Your back is white
Avatar for Bo0oM bo0om
0
340
FTP2RCE
Avatar for Bo0oM bo0om
1
7.4k
Interpret it!
Avatar for Bo0oM bo0om
0
1.1k

Featured

See All Featured
Statistics for Hackers
Avatar for Jake VanderPlas jakevdp
799
220k
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
183
22k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
52
2.7k
Faster Mobile Websites
Avatar for Dean Hume deanohume
307
31k
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
331
21k
Bash Introduction
Avatar for André Augusto Costa Santos 62gerente
613
210k
Speed Design
Avatar for Sergey Chernyshev sergeychernyshev
30
960
Practical Orchestrator
Avatar for Shlomi Noach shlominoach
187
11k
Code Review Best Practice
Avatar for Trisha Gee trishagee
68
18k
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
233
17k
The Invisible Side of Design
Avatar for Vitaly Friedman smashingmag
299
50k
Navigating Team Friction
Avatar for Lara Hogan lara
185
15k

Transcript

  1. 2000-day in Safari Anton Lopanitsyn @i_bo0om

  2. phdays.com #PHDays XSS https://portswigger.net/web-security/cross-site-scripting

  3. phdays.com #PHDays UXSS https://evil.com https://victim.com

  4. phdays.com #PHDays Save as webpage, complete

  5. phdays.com #PHDays chrome://flags

  6. phdays.com #PHDays MHTML

  7. phdays.com #PHDays MHTML

  8. phdays.com #PHDays

  9. phdays.com #PHDays Safari save as webarchive

  10. phdays.com #PHDays Signed webarchive

  11. phdays.com #PHDays Plaintext webarchive

  12. phdays.com #PHDays Plaintext webarchive <script> … </script>

  13. phdays.com #PHDays Plaintext webarchive

  14. phdays.com #PHDays

  15. phdays.com #PHDays https://blog.rapid7.com/2013/04/25/abusing-safaris-webarchive-file-format/

  16. phdays.com #PHDays

  17. phdays.com #PHDays

  18. phdays.com #PHDays

  19. phdays.com #PHDays

  20. phdays.com #PHDays

  21. phdays.com #PHDays xhtml

  22. phdays.com #PHDays xhtml

  23. phdays.com #PHDays file:///Users/bo0om/Library/Containers/com.apple.mail/Data/Library/Mail%20 Downloads/2F4D2013-CCBF-4341-B05E-CEB4B76F30CE/Document.xhtm file:///Users/bo0om/Downloads/33h0ygug3ulny0gvwhh3d.webarchive

  24. phdays.com #PHDays

  25. phdays.com #PHDays file:///Users/bo0om/Library/Containers/com.apple.mail/Data/Downloads/x.webarchive file:///Users/bo0om/Library/Containers/com.apple.mail/Downloads/x.webarchive file:///Users/bo0om/Library/Containers/Downloads/x.webarchive file:///Users/bo0om/Library/Downloads/x.webarchive file:///Users/bo0om/Downloads/x.webarchive

  26. phdays.com #PHDays DEMO https://github.com/Bo0oM/Safari2000day)

  27. Thank you!